PowerOfficeold[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

PowerOfficeold.exe
Size

6.9MB
MD5

e79d03b09063dcac6d440a31cef43a0d
SHA1

f9ae9009d3f6cc5d9f5d9f489bdcd55946aa8150
SHA256

6489a98396910e38c0ebb9cdf6b6de1ac57ef742597bbc4619b70c56452b06c2
SHA512

3c18b49861ca58b31be5293c899e22c2b3f3248ff179654111fdb521c17589d4ade23f8fe69b9196777005f77c01152b39d54c410d8316a32d4a6e06261d1589
SSDEEP

196608:HcxcYKOBXBDJRT7m1DfCq50oivP7okGBv:h5Dqq50oivP7okGBv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PowerOfficeold.exe

Files

PowerOfficeold.exe
.exe windows:4 windows x86 arch:x86

bc7877db663bb85699287867f0fa2bcb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

ord582
__vbaVarTstGt
__vbaVarSub
ord583
__vbaStrI2
ord690
_CIcos
_adj_fptan
ord585
__vbaStrI4
__vbaVarMove
__vbaVarVargNofree
__vbaFpCDblR4
__vbaAryMove
__vbaFreeVar
ord588
__vbaLineInputStr
__vbaStrVarMove
__vbaLateIdCall
__vbaLenBstr
__vbaPut3
__vbaEnd
__vbaFreeVarList
__vbaVarIdiv
_adj_fdiv_m64
__vbaPut4
ord620
__vbaVarIndexStore
ord621
__vbaNextEachVar
__vbaFreeObjList
__vbaLineInputVar
__vbaGetFxStr4
ord516
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaResume
__vbaVarCmpNe
__vbaStrCat
ord552
ord553
__vbaCyInt
__vbaLsetFixstr
ord660
ord661
__vbaStrDate
__vbaRecDestruct
__vbaSetSystemError
__vbaLenBstrB
ord662
__vbaHresultCheckObj
__vbaNameFile
ord557
__vbaLenVar
ord558
_adj_fdiv_m32
__vbaVarTstLe
ord666
ord667
__vbaAryDestruct
ord591
__vbaVarIndexLoadRefLock
ord592
__vbaBoolStr
__vbaStrBool
ord593
__vbaForEachCollObj
__vbaExitProc
__vbaVarForInit
ord300
__vbaFileCloseAll
ord594
ord301
__vbaCyAdd
__vbaOnError
__vbaObjSet
ord595
__vbaStrLike
ord596
_adj_fdiv_m16i
ord303
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord703
__vbaVarIndexLoad
ord305
__vbaCyStr
ord599
ord306
ord705
__vbaForEachCollVar
__vbaStrFixstr
ord520
__vbaBoolVar
ord307
ord706
ord309
__vbaVarTstLt
__vbaRefVarAry
__vbaFpR8
__vbaBoolVarNull
_CIsin
__vbaErase
ord631
__vbaVargVarMove
ord525
__vbaVarZero
__vbaNextEachCollObj
__vbaVarCmpGt
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
__vbaVarAbs
ord528
__vbaGenerateBoundsError
__vbaExitEachColl
__vbaCyI2
__vbaStrCmp
ord529
__vbaAryConstruct2
__vbaVarTstEq
__vbaGet4
__vbaDateR8
__vbaCyI4
__vbaR4Str
ord560
__vbaPutOwner4
__vbaNextEachCollVar
__vbaPrintObj
__vbaI2I4
__vbaObjVar
ord561
ord562
DllFunctionCall
__vbaVarOr
__vbaVarLateMemSt
__vbaCySub
__vbaCastObjVar
__vbaRedimPreserve
__vbaStrR4
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
__vbaR8Cy
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
_CIsqrt
__vbaObjIs
__vbaVarAnd
__vbaRedimVar
__vbaLateIdCallSt
ord311
EVENT_SINK_QueryInterface
ord710
__vbaVarMul
__vbaExceptHandler
ord711
ord313
__vbaPrintFile
ord712
__vbaStrToUnicode
ord314
ord606
__vbaDateStr
ord713
_adj_fprem
_adj_fdivr_m64
ord315
ord607
__vbaR8ErrVar
__vbaVarDiv
__vbaI2Str
ord714
__vbaLateIdStAd
ord316
ord608
ord531
ord716
__vbaFPException
ord717
__vbaInStrVar
ord319
__vbaUbound
__vbaStrVarVal
__vbaGetOwner4
ord534
__vbaVarCat
__vbaDateVar
__vbaLsetFixstrFree
__vbaI2Var
ord644
ord537
__vbaLateMemNamedCallLd
ord645
_CIlog
ord539
__vbaErrorOverflow
__vbaFileOpen
__vbaVar2Vec
__vbaInStr
__vbaNew2
__vbaVarLateMemCallLdRf
__vbaR8Str
ord648
ord570
__vbaVarInt
__vbaCyMulI2
ord571
_adj_fdiv_m32i
_adj_fdivr_m32i
ord573
__vbaStrCopy
__vbaVarSetObj
__vbaI4Str
ord681
__vbaVarNot
__vbaLateMemNamedCall
__vbaFreeStrList
ord576
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord685
ord100
__vbaVarTstNe
__vbaVarSetVar
__vbaI4Var
__vbaVarCmpEq
ord689
__vbaFpCy
ord610
__vbaAryLock
__vbaVarAdd
__vbaLateMemCall
ord320
__vbaFreeVarg
ord612
__vbaStrToAnsi
__vbaVarDup
ord321
ord613
__vbaFpI2
ord616
__vbaVarTstGe
__vbaFpI4
__vbaVarLateMemCallLd
__vbaVarCopy
__vbaVarSetObjAddref
__vbaRecDestructAnsi
__vbaR8IntI2
__vbaLateMemCallLd
ord617
_CIatan
ord618
ord540
__vbaStrMove
__vbaCastObj
ord541
__vbaForEachVar
__vbaR8IntI4
ord619
__vbaStrVarCopy
ord542
__vbaPutFxStr4
ord543
ord650
_allmul
ord651
ord544
__vbaLateIdSt
__vbaVarLateMemCallSt
ord545
_CItan
ord546
ord547
__vbaFPInt
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaRecAssign
__vbaFreeObj
__vbaFreeStr
ord581

Sections

.text
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc7877db663bb85699287867f0fa2bcb

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 6.8MB - Virtual size: 6.8MB

.data Size: 4KB - Virtual size: 165KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 6.8MB - Virtual size: 6.8MB

.data
Size: 4KB - Virtual size: 165KB

.rsrc
Size: 16KB - Virtual size: 15KB